Fix parameters of accessforbidden
eldy committed Jun 4, 2019
1 parent 2c04a48 commit 969e139
Showing 12 changed files with 18 additions and 105 deletions.
2 changes: 1 addition & 1 deletion htdocs/asset/document.php
@@ -145,7 +145,7 @@
}
else
{
accessforbidden('', 0, 0);
accessforbidden('', 0, 1);
}

// End of page
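Review bot: The bare integer flags in `accessforbidden('', 0, 1)` give no hint of what is suppressed and what is printed, which is presumably how the wrong values ended up in this many pages. A one-line comment above the call, such as `// Page header already sent: print only the message and the footer`, would make the intent checkable at the call site; this assumes the second and third arguments are the print-header and print-footer flags, since the function definition is not on this page. The same applies to the identical else branches in htdocs/bom/bom_document.php, htdocs/modulebuilder/template/myobject_document.php, htdocs/ticket/document.php and htdocs/user/document.php, and the template is presumably copied into new modules, so the comment matters most there. The enclosing if/else starts outside the hunk.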
2 changes: 1 addition & 1 deletion htdocs/bom/bom_document.php
@@ -143,7 +143,7 @@
}
else
{
accessforbidden('', 0, 0);
accessforbidden('', 0, 1);
}

// End of page
4 changes: 3 additions & 1 deletion htdocs/compta/facture/card.php
@@ -3382,7 +3382,9 @@
$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);

if ($user->societe_id > 0 && $user->societe_id != $object->socid)
accessforbidden('', 0);
{
accessforbidden('', 0, 1);
}

$result = $object->fetch_thirdparty();

2 changes: 1 addition & 1 deletion htdocs/modulebuilder/template/myobject_document.php
@@ -158,7 +158,7 @@
}
else
{
accessforbidden('', 0, 0);
accessforbidden('', 0, 1);
}

// End of page
88 changes: 0 additions & 88 deletions htdocs/public/ifttt/index.php

This file was deleted.

8 changes: 4 additions & 4 deletions htdocs/public/opensurvey/studs.php
@@ -62,7 +62,7 @@
// Add comment
if (GETPOST('ajoutcomment', 'alpha'))
{
if (!$canbemodified) accessforbidden();
if (!$canbemodified) accessforbidden('', 0, 0, 1);

$error=0;

@@ -97,7 +97,7 @@
// Add vote
if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) // boutonp for chrome, boutonp_x for firefox
{
if (!$canbemodified) accessforbidden();
if (!$canbemodified) accessforbidden('', 0, 0, 1);

//Si le nom est bien entré
if (GETPOST('nom', 'nohtml'))
@@ -220,7 +220,7 @@
}
}

if (!$canbemodified) accessforbidden();
if (!$canbemodified) accessforbidden('', 0, 0, 1);

$idtomodify=$_POST["idtomodify".$modifier];
$sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs";
@@ -235,7 +235,7 @@
$idcomment=GETPOST('deletecomment', 'int');
if ($idcomment)
{
if (!$canbemodified) accessforbidden();
if (!$canbemodified) accessforbidden('', 0, 0, 1);

$resql = $object->deleteComment($idcomment);
}
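Review bot: `$idtomodify=$_POST["idtomodify".$modifier];` in the third hunk reads the request body directly on a public page, while the surrounding code goes through `GETPOST()` with a type filter, and the value is taken immediately before a string-built `UPDATE` statement. How the value reaches the SQL is outside the hunk, but filtering at the source removes the question; if the id is numeric, as its name suggests, the line can become `$idtomodify = GETPOST('idtomodify'.$modifier, 'int');`. Any other request value concatenated into that statement needs an integer cast or `$db->escape()` as well. The `$canbemodified` guards added above only help if `accessforbidden()` terminates the request, which its definition (not on this page) should confirm.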
3 changes: 1 addition & 2 deletions htdocs/resource/card.php
@@ -237,8 +237,7 @@

if ($action == 'create' || $action == 'edit')
{
if ( ! $user->rights->resource->write )
accessforbidden('', 0);
if (! $user->rights->resource->write) accessforbidden('', 0, 1);

// Create/Edit object
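Review bot: The write-permission guard is collapsed into a brace-less one-liner, `if (! $user->rights->resource->write) accessforbidden('', 0, 1);`, while the same commit adds braces around the equivalent guard in htdocs/compta/facture/card.php. A braced form, `if (! $user->rights->resource->write) {` / `accessforbidden('', 0, 1);` / `}`, keeps a statement added later from silently landing outside the condition. This check also sits in the branch that renders the create/edit form; whether the handlers that actually save the resource test the same right is outside the hunk and worth confirming.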

4 changes: 2 additions & 2 deletions htdocs/ticket/agenda.php
@@ -86,11 +86,11 @@
// restrict access for externals users
if ($user->societe_id > 0 && ($object->fk_soc != $user->societe_id))
{
accessforbidden('', 0);
accessforbidden();
}
// or for unauthorized internals users
if (!$user->societe_id && ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) {
accessforbidden('', 0);
accessforbidden();
}
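Review bot: The internal-user condition on the second check here, `!$user->societe_id && ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage`, is repeated verbatim in htdocs/ticket/card.php, and the two copies now end in different calls (`accessforbidden()` here, `accessforbidden('', 0, 1)` there). Copies of an authorization rule tend to drift, and a page left with the weaker copy exposes tickets that the other page hides. Moving the rule into one shared function that both pages call, leaving only the header/footer flags at the call site, would keep them in step; the external-user comparison against `$user->societe_id`, also written inline in htdocs/compta/facture/card.php, is a candidate for the same treatment. If the differing flags are intentional because this check presumably runs before the page header is sent, a comment saying so would help.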


2 changes: 1 addition & 1 deletion htdocs/ticket/card.php
@@ -647,7 +647,7 @@
{
// or for unauthorized internals users
if (!$user->societe_id && ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) {
accessforbidden('', 0);
accessforbidden('', 0, 1);
}

// Confirmation close
2 changes: 1 addition & 1 deletion htdocs/ticket/document.php
@@ -196,7 +196,7 @@
}
else
{
accessforbidden('', 0, 0);
accessforbidden('', 0, 1);
}

// End of page
2 changes: 1 addition & 1 deletion htdocs/user/document.php
@@ -174,7 +174,7 @@
}
else
{
accessforbidden('', 0, 0);
accessforbidden('', 0, 1);
}

// End of page
4 changes: 2 additions & 2 deletions htdocs/viewimage.php
@@ -170,7 +170,7 @@ function llxFooter()
else $type=dol_mimetype($original_file);

// Security: This wrapper is for images. We do not allow type/html
if (preg_match('/html/', $type)) accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 1, 1, 1);
if (preg_match('/html/', $type)) accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 0, 0, 1);

// Security: Delete string ../ into $original_file
$original_file = str_replace("../", "/", $original_file);
@@ -179,7 +179,7 @@ function llxFooter()
$refname=basename(dirname($original_file)."/");

// Security check
if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 1, 1, 1);
if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 0, 0, 1);

$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
$accessallowed = $check_access['accessallowed'];
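Review bot: The `str_replace("../", "/", $original_file)` line kept as context in the first hunk is a single-pass rewrite, and a single pass can leave a parent-directory sequence behind when the input contains overlapping dot-and-slash runs; it also ignores backslash separators. Rejecting the request is safer than rewriting it, for example `if (strpos($original_file, '..') !== false) accessforbidden('Bad value for file path', 0, 0, 1);` placed before the replacement (the message text is a suggestion). Whether `dol_check_secure_access_document()` re-validates the resolved path is not visible from these hunks, so this wrapper should not rely on it to catch what the replacement misses. The surrounding script body starts and ends outside both hunks.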
